Whether due to cyber-attack, migrant encounters, kidnap and ransom in the Gulf of Guinea, the hijack of ships and sale of cargoes in Nigeria, or the military boarding and detention of commercial vessels seen in the Arabian Gulf, the vulnerability of the maritime world is increasingly visible.
With recent geopolitical developments heightening the risks, shipowners should be continuously undertaking due diligence appraisal of risk management arrangements. Accordingly, CJC has appointed Richard Pryor as a special consultant and established a specialist unit to help owners and operators review their insurance arrangements and strengthen them where necessary.
Pryor, who trained and served in the UK’s Royal Marines, is CJC’s Response Consultant and is ‘on call’ for immediate risk response, crisis management and issue resolution for clients. Together with other members of the team, he also provides training and consultancy services on up-to-date risk management essentials and emphasises the importance of keeping Company Security Officers, Ship Security Officers and Port Facility Security Officers fully current with latest developments. He is currently preparing material for a presentation he will make at this year’s International Marine Claims Conference to be held in Dublin in September.
A range of new risks
This appointment reflects the fact that risks have changed dramatically for ship operators in recent times and that standard insurance and risk management arrangements may now fall far short of what would be prudent. Of course, shipowners are well aware of their duties of care for crew, passengers, cargo and the environment. But there are many more risks today which may require review and possibly new arrangements.
Some of the most important risks identified in the ISPS Code, a part of the SOLAS Convention, include ship-related issues such as collisions, groundings and fires, but also a range of external risks including terrorism, migrant encounter, piracy, hijack, cyber-attack, activism, sabotage and stowaways. A number of these risks are relatively new and some may not be covered by conventional marine insurance policies, particularly if appropriate risk management systems have not been put in place.
Migrant encounters is a good example, as two recent instances involving vessels being overrun by migrants who then took control demonstrate. For marine insurers in London, one of these incidents could hardly have been closer to home: last December, the 71,543gt Grande Tema was held up in the Thames Estuary by four stowaways who had boarded the vessel prior to her departure from Lagos, Nigeria.
The stowaways were discovered en route and confined to a cabin but they subsequently broke free, armed themselves, threatened the crew and demanded that the ship sail closer to shore so that they could swim to land. The ship’s crew locked themselves on the bridge and called for assistance. A few days later, a team of UK special forces boarded and re-took control of the vessel.
In another case, the Turkish-owned El Hiblu 1, a bunkering tanker, rescued 108 people including men, women, children and babies from the Mediterranean Sea in March. A small contingent of those rescued took over the vessel and forced ship’s officers to navigate not to Libya where she had been bound, but north towards Europe. A Maltese special operations team later regained control of the tanker.
New aspects of terrorism
Acts of marine terrorism may no longer be limited to fanatical groups. At the time of writing, there appears to be no sign of progress in the tit-for-tat seizure by Iranian military forces of the UK-flagged 49,683dwt products tanker, Stena Impero, as it navigated international waters in the Arabian Gulf.
The Iranian move followed the arrest of the 300,579dwt VLCC, Grace 1, by UK Royal Marines in the waters off Gibraltar. The tanker had allegedly been heading for the Banyas oil refinery in Syria, in contravention of European sanctions on that country.
Also of concern is the growing risk of using commercial vessels themselves in acts of terrorism. The ‘vessel as a weapon’ is a growing threat, used in grounding or a blockade, for example, or perhaps when taken over by militants and used as a floating, mobile hazard.
Specific risks also exist in the passenger ship sector. Do cruise operators, for example, have the appropriate risk management systems in place to handle a group of militant fanatics who succeed in boarding a vessel, taking hostages and terrorising passengers? What is to stop cross-Channel ferries being targeted by armed terrorist groups?
Cyber security, though hardly new, is nonetheless a still-developing aspect of risk management where shipowners and operators may have inadequate cover. Well-known examples of cyber incidents include the Port of Antwerp attack and the NotPetya attack on the world’s largest container line, Maersk.
Also of note though is an email phishing scam targeting an oil rig. In this case, the attack was aimed at identifying the crew’s credit card numbers, many of which are often set out in groups of four. On board this particular rig, the ballasting arrangements in the platform’s four legs were also controlled by groups of four numbers. The phishing scam seriously disrupted the unit’s safe ballasting arrangements leading to a risk of capsize.
Shipping’s rapid digitalisation process now means that many previously manual procedures are managed by software and controlled electronically. However, many hull and machinery insurance policies still include Institute Clause 380 – the Cyber Attack Exclusion Clause – which dates from the early days of computers and software on ships.
As its name suggests, this excludes cover for loss, damage, liability or expense ‘directly or indirectly caused by or contributed to or arising from the use or operation, as a means for inflicting harm, of any computer, computer system, computer software programme, malicious code, computer virus or process of any other electronic system’.
There are no simple answers to all of these issues. In light of recent developments, owners and operators – indeed, everyone involved in shipping’s global supply chain – should therefore re-examine their risk management and insurance arrangements. Are their systems as robust as they should be?
A review of existing systems can often identify gaps in cover or areas in which arrangements could be strengthened. A good risk management plan for ships, other offshore assets and port facilities is best organised as a layered approach. If one level of security is breached, what is the next level, and how vulnerable is that? Furthermore, what are response times if, indeed, an owner has his/her own resources?
Certainly, having formalised risk response arrangements is essential for ships, rigs and ports in an era of growing risk from third parties. In many cases, having to wait for emergency response without any initial mitigating capability may well be too late.
The views presented hereabove are only those of the author and not necessarily those of SAFETY4SEA and are for information sharing and discussion purposes only.
About Alistair Johnston
Alistair is a director in Campbell Johnston Clark law firm in London and is one of the three founders of the firm. Alistair's expertise covers all aspects of marine insurance, particularly collisions, groundings, fire and explosion, salvage, total loss, wreck removal, limitation of liability, pollution, general average, insurance coverage, shipbuilding, charterparty and bill of lading disputes.
About Maria Borg Barthet
Maria is a director in Campbell Johnston Clark law firm in London. Maria deals with all aspects of wet and dry shipping litigation, including bill of lading and charter party disputes, marine insurance, collisions, salvage and other casualty-related matters. She also deals with international trade law and commodities, notably the interaction between the sale and carriage contracts, issues arising under CIF/FOB sale contracts and letter of credit transactions. Maria is dual qualified in the UK and Malta.
About Richard Pryor
Richard is a consultant to Campbell Johnston Clark. After serving in the Royal Marines, Richard spent several years working overseas as a private security contractor in various advisory and operational roles; and has spent the last 17 years in law enforcement. He provides private sector organisations (including banks, law firms and insurers) with consultancy, project management and training services; applying his extensive operational experience to commercial enterprises dealing with high risk environments. This includes intelligence briefs, risk assessments, and training courses for people and assets at risk from terrorism, organised crime, and political violence.